Newsletter of the Hartford User Group Exchange Nov., 2014
The PULP
Contents: The Quiz 3 HUGE this month: Live CD-ROMs 4 General Meeting: Nov. 18th Password Managers: What 5 They Are and How to Use This is a Tuesday !!! One
Geek Gifts
See you there! Calendar 10
New Location !!!!!
Knights of Columbus 2533 Main Street, Glastonbury, CT Q&A Session: 7:00PM–7:30PM Meeting starts at: 7:30PM
VOLUME 33 ISSUE 11 Page 1 Newsletter of the Hartford User Group Exchange Nov., 2014
The PULP is published monthly by and for members of the Hartford User MEETING LOCATION Group Exchange, Inc. (HUGE). HUGE is a nonprofit organization whose Knights of Columbus aim is to provide an exchange of information between users of personal 2533 Main Street computers. The PULP is not in any way affiliated with any computer Glastonbury, CT manufacturer or software company. Original, uncopyrighted articles appearing in the PULP may be reproduced without prior permission by other nonprofit groups. Please give credit to the author and the PULP, and send a copy to HUGE. The opinions and views herein are those of the authors and not necessarily those of HUGE. Damages caused by use or abuse of information appearing in the PULP are the sole responsibility of the user of the information. We reserve the right to edit or reject any articles submitted for publication in the PULP. Trademarks used in this publication belong to the respective owners of those trademarks.
Editor’s Corner
It’s been an intriguing year of new & interesting geek cheaper 'last mile' to home broadband service that products. In fact I’ve found enough to fill 2 meetings, so that’s would send data at about 500 Mbps from an access November & December. point on a tower or neighboring building to a small antenna on the customer's home. In the news -- A vintage Apple-1 sold for a record $905K. Don’t you wish you had bought one, and kept it in working Samsung announced it’s developing new 802.11ad Wi-Fi condition? BTW, how are you treating your current machine? technology that can increase network speeds fivefold, from the current 866Mbps per-device maximum to 4.6 Apple's Yosemite seems to share Spotlight search terms (by Gbps. That would let a 1 GB movie file transfer from default) with 3rd parties on the internet. There is a petition one device to another in under 3 seconds. by jumping (with 18,000 signatures) to stop the invasion of to the 60GHz frequency band. privacy(/spyware). Researchers are working on a battery that can last 20 Google is working on a nanoparticle-covered pill that can years, be charged 70 percent in two minutes . detect cancer. The nanoparticles could help detect arterial plaque or high sodium levels, and might replace standard blood Intel is reported to be working on a new technology tests to detect early signs of disease to secure credit card transactions. Researchers have demonstrated a technique that allows A virginia court has ruled that the police can demand attackers to hide Android malware in images. It seems to be a fingerprints to unlock your phone, but not the variation of Steganography which hides messages or files within other files. A patch is reportedly in the works. cont. pg. 9 A partnership between Adobe and Nielsen is providing broadcasters with detailed viewing data of what you’re watching/reading on your portable device (phone, tablet, Here is the appropriate copyright citation and a link to the laptop, or Roku). full text. articles from “Tidbits”
Mimosa Networks is a startup that builds uses Wi-Fi for http://creativecommons.org/licenses/by-nc-nd/3.0/
VOLUME 33 ISSUE 11 Page 2 Newsletter of the Hartford User Group Exchange Nov., 2014
A Little Computer Quiz by Stuart Rabinowitz
Answers to Oct., 2014 Quiz The trivia and minutiae of the computer related world. The answers will appear next 1 He recently (in August) apologized for creating month or you can submit an answer sheet at (one of) the most hated aspects of the internet. the General Meeting. Good Luck. What did he create? November is an anniversary month for A The pop-up Ad in the late 1990's HUGE, so a few trivia questions -- 2 What is his name? 1 Before there was a monthly quiz the PULP had another long running column. What was A Ethan Zuckerman it called? 3 Who was he working for? 2 Who wrote it? A Tripid,com 3 What was the best attended meeting held by HUGE? 4 Google recently began selling Google Glass. Who lead the team that developed the wearable 4 In 1989 Tim Berners-Lee hosted the first tech? website on the World Wide Web at CERN. What computer did he use? A Thad Starner 5 Where was the first website outside of 5 When did he begin working on the project? Europe? A in 1993
VOLUME 33 ISSUE 11 Page 3 Newsletter of the Hartford User Group Exchange Nov., 2014
Live CD-ROMs USB memory sticks. Owners of new machines will also By Dick Maybach, Member, Brookdale Computer Users’ have to disable the safe boot feature on Macs and secure Group, NJ boot on PCs. Secure boot is a new “feature” of PCs that December 2013 issue, BUG Bytes prevents software from running unless it has been www.bcug.com approved by Microsoft. You should be able to disable it, n2nd (at) att.net but not all PCs allow this. It will make running live CDs more difficult, and may prevent them from running on A live CD-ROM contains all the files normally stored on a some machines altogether. Finally, the use of live CDs computer's hard disk and when booted acts exactly the same on Macs can be problematic; you may have to do some as a hard disk, except of course that it can't store data. reconfiguration or even replace your wireless keyboard Although these media are normally called “live CD-ROMs,” and mouse, as these can have proprietary drivers. because they were available first, DVD-ROMs and USB memory sticks now can fulfill the same role. The hard disk Using a live CD-ROM to try out Linux on a Mac or PC plays no part when the PC boots from such a medium, and is a common application, but a Windows installation disk your PC will run fine even when its hard disk is is also an example, although it's limited to installing and malfunctioning or even absent. Moreover, the system leaves repairing Windows. Regardless of what is on the hard no traces on the PC of anything that occurred while it was disk, your computer will boot the live CD-ROM running. However, the PC's hard disk is available as a system; the hard disk has nothing to say about this. So storage medium, and, if it is operable, you can read from and long as you don't write to the hard disk, you can do write to it if you wish. Likewise, all the peripherals and whatever you like without affecting the installed ports are available; for example, you usually can access system, which won't even know a session has taken networks, including the Internet, use any USB devices, and place. CD- and DVD-ROMs and even memory sticks are do printing. There are several applications for live CD- much slower than hard disks, so don't expect speed. ROMs: Aside from this, operation should be the same as though • trial or installation of a new operating the system on the live CD-ROM were installed on your system, hard disk. If you have enough RAM, some light versions • file system repair, backup, and restore, file of Linux will transfer themselves to a RAM-disk, and recovery from corrupted hard disks, running diagnostics, disk these will be quite fast. cloning, and cleanup of malware, such as viruses and root kits, There are far too many portable operating systems to cover in this short article; see • anonymous Internet browsing, and https://en.wikipedia.org/wiki/List_of_live_CDs for very • temporarily using other computers without brief descriptions of many of them. Instead, I'll risking making unwanted changes to them or leaving your introduce some examples that you can use as starting passwords. points for the applications listed above. The overwhelming majority of portable operating system are Trying out a new operating system based on Linux, as both Microsoft and Apple require a separate purchase for each computer, and transferring one of Which operating system you try out depends on the age their operating systems among several computers violates of your hardware. (The critical feature that older their terms of service. There are a few based on DOS, but computers lack is Physical Address Extension or PAE.) they are quite limited compared to their Linux If your PC is modern enough to run Windows Vista or counterparts. later, you should consider Ubuntu (840 Mbytes) or Linux Mint (960 Mbytes). (See the following two Live CD-ROMs are most often available in the form of ISO screen-shots.) Both have complete office suites and all images. These aren't files; instead they are bit-for-bit copies the other applications you are used to, and both have of the contents of a CD-ROM or DVD-ROM. Many media full-service user interfaces with more bling available burners can write these; if yours can't, make an Internet than you really need. search for “iso image burners” to find a suitable application. You may prefer to use a live memory stick which is faster, more convenient to carry, and can also store data. If so, I recommend the free program unetbootin, which converts an If your hardware dates from the XP era, it may lack iso image to a suitable form and writes it to a stick. It's PAE or a modern display controller and you'll have to be available for Linux, OS X, and Windows. Finally, if you have more careful. Something like Xubuntu (840 Mbytes) virtualization software, such as Oracle's VirtualBox, you can runs fine on older machines, but includes all the modern boot directly from the iso image file without burning Linux applications found in the top-of-the line systems. anything. However, its user interface is more Spartan. To use a portable operating system, a computer must be configured so that it checks its CD-ROM drive and USB Diagnostic and Repair ports for bootable media before it checks the hard disk. Most computers check for CD- and DVD-ROMs, but you may have to set up your ROM BIOS to check for bootable cont. on pg.8 VOLUME 33 ISSUE 11 Page 4 Newsletter of the Hartford User Group Exchange Nov., 2014
Password Managers: What They Are and How to just a few (10 or a dozen), a password manager can be Use One extremely helpful, and provide an extra measure of By Mike Morris, President / Editor, Front Range PC security for you. Users Group, Fort Collins, CO Originally published in k-Byte, the newsletter of the How do password managers provide this extra security? Front Range PC Users Group www.frpcug.org With KeePass the extra security is provided through these features: Introduction 1. All your passwords are stored in one database. A password manager application is ". . . software that helps 2. The database is locked with one master key or a a user organize passwords. . . . The software typically has key file, so you only have to remember one single a local database or a file that holds the encrypted master password (OK, you also need to remember the password data for secure logon onto computers, networks, password to your computer, so that's 2 passwords you web sites and application data files . . . ." (Wikipedia) have to remember). (http://bit.ly/PhVjkz). 3. The database(s) is (are) encrypted using (one of) the best and most secure encryption algorithms Before you ask "why bother," think for a moment about currently known (AES). how many web sites you connect to that require a 4. KeePass can generate strong random passwords password. Do you use the same (or very similar) password for you. for most or all of those web sites? If you are like the overwhelming majority of computer users, the answer to Source: KeePass Password Safe (http://bit.ly/IzB7qC) that question is likely to be "yes." Since KeePass is open source, you get this extra You should, very definitely, NOT do that! security for free. All of the computer security experts (and there are a lot If all of those features sound a little "techie," don't of them these days) warn us not to use the same password worry, KeePass is actually easy to use. Therefore, for all accounts. For example: KeePass (v. 2.20) will be used to demonstrate how you use a password manager application. As with all good "The message of password reuse security is one that Hord things, it takes a little effort to enter the data--at least, Tipton, executive director of the International it does if you need as many passwords as I do. Information System Security Certification Consortium (ISC2), echoes. (www.ics2.org) Installation "Diversifying your passwords for each account is essential You can download the current version (which, as of to protecting all of your online information," Tipton said. 02/04/2014, for Windows, is 2.25) from the KeePass web "Once a password has been stolen, hackers often attempt site, http://keepass.info/. The installation follows the to access multiple accounts, compounding the potential usual Windows sequence. However there is one damage."" window in the sequence worth a comment: Source: Yahoo Email Is Breached: Lessons Learned (http://bit.ly/1h5jSZi)
See also Password Security, Protection, and Management (http://1.usa.gov/1fYSklG)
With respect to Mr. Tipton, "diversifying your passwords" is much easier said than done . . . unless you use a password manager. There are a number of these applications (for example, see this http://bit.ly/PhT1Sg), but one, KeePass, is a ". . . free, open source, cross-platform and light-weight password management utility for Microsoft Windows, with This step may not be necessary at this point, but unofficial ports for Linux, Mac OS X, iOS and Android . . . establishing that file association at the beginning ." Wikipedia (http://bit.ly/1k8zUV3). probably reduces the risk of future problems. In fact, if you need a lot of passwords (I counted over 70 Set Up web sites that I use that need a password), it is almost impossible to keep track of them. But even if you have Once the installation is complete, at the first launch
VOLUME 33 ISSUE 11 Page 5 Newsletter of the Hartford User Group Exchange Nov., 2014
you will see the KeePass main screen: With the location and file name selected, click on Save. You will see:
At this point, you have two primary set up tasks: 1. Create a database 2. Enter data into the database You create a database with these steps:
Click on File, then on New: You enter a Master Password into this window. It needs to be a "strong" password, but it also needs to be something you can remember. A “strong” password is: “A password that is hard to detect both by humans and by the computer. Two things make a password stronger: (1) a larger number of characters, and (2) mixing numeric digits, upper and lower case letters and special characters ($, #, etc.).” Source: PC Magazine (http://bit.ly/1h5lq5l) This password you may want to write down (yes, using the You will be asked (in the usual Windows format) to decide old fashioned pencil and paper); and although this should where you want to save the program. Here is an example be obvious, don’t identify it on that piece of paper. You of that window from my computer: may also want to keep it with you. From the KeePass Help file (Composite Master Key): “If you forget this master password, all your other passwords in the database are lost, too. There isn't any backdoor or a key which can open all databases. There is no way of recovering your passwords.” A more detailed discussion of passwords vs. key files is available from the Composite Master Key section of the KeePass Help file. If creating a strong password that you can remember seems contradictory, enter: The default Save location for Windows 7 is, of course, Documents. Remember, you can choose to save the database anywhere on your computer. I set up a separate how to create strong passwords that you can remember folder called KeePass in the root directory of my hard into your favorite search engine. You will find many drive and saved the database there (just my preference). articles with suggestions. Note also that a default "File name" is entered. I After you enter your password, click on the OK button at modified that name, in the expectation (as yet unproven), the bottom right of the Create Composite Master Key that I will eventually need multiple databases. I chose window. You will see something similar to this (I will NewDatabase_1. talk about the Database Settings window that is part of the database creation process later—the default values are acceptable):
VOLUME 33 ISSUE 11 Page 6 Newsletter of the Hartford User Group Exchange Nov., 2014
you register at any web site. You add as many entries as you need passwords. If you choose to organize them into groups, click on the group name in the left panel before you click on Add Entry. I want to depart momentarily from this sequence and return to the Create New Password Database steps. You will see a Database Settings window during this set up (you can also access Settings from the File menu after the database is created). All of those settings can be left at their default values. However, you may want to enter a description. For example: You can add groups, and/or modify their order. However, you are, at this point, ready to enter data. You use the “Add Entry” window for this task. It is available from the Edit menu and from the Toolbar:
How to Use the Password Here are the steps for using the password: 1. Connect to the log in window of the web site of interest. You can also connect to the web site from KeePass. Right click on the entry for that web site and then click on URL. If you have more than one browser installed (as I do), you can choose which one to use from the list that is displayed:
When the Add Entry window is displayed, it will already contain an automatically generated strong password:
2. Once you are connected to the web site’s log in window, in KeePass, right click on the entry for that web site and then click on “Copy User Name”: Return to web site log in screen and paste the user name into the appropriate field (you could, of course, just type that in). 3. In KeePass, right click (again) on the entry for that web site and this time click on “Copy Password.” Return to web site log in screen and paste the password Your user name will also be included. The only field into the appropriate field. required, other than the password, is the URL of the web site for which you want to use this password. 4. Click on the log in or sign in button for the web site.
cont. on pg 9 VOLUME 33 ISSUE 11 Page 7 Newsletter of the Hartford User Group Exchange Nov., 2014
from pg. 4 For hardware and software maintenance and repair, I prefer The Smiley Face Turned 22 years old September 19th Parted Magic (327 Mbytes), which I discussed in my April, Art Gresham, Editor, Under the Computer Hood User June, July, and August 2012 articles, available at Group, CA http://www.bcug.com. (See the screen-shot below.) The September 2013 issue of Drive Light standard version of Parted Magic requires PAE; for www.uchug.org computers without this, look the version with “586” in its 1editor101 (at) uchug.org iso filename. Unfortunately this valuable tool is no longer free, but its $5 cost is quite reasonable, and your can still ”Scott Fahlman was the first documented person to use find an older free version with a little searching. You may the emoticons :-) and :-(, with a specific suggestion that prefer SystemRescueCD, which also has a good reputation they be used to express emotion. The text of his and is still free. original proposal, posted to the Carnegie Mellon University computer science general board on 19 I haven't found DOS and Windows portable systems, such as September 1982 (11:44), was thought to have been lost, Ultimate Boot CD or BartPE, to be effective. There are also but was recovered 20 years later by Jeff Baird from old some specialized tools, such as Network Security Toolkit backup tapes.” and BackTrack, for penetration testing, i.e., computer and network hacking, but they require substantial expertise and 19-Sep-82 11:44 Scott E Fahlman :-) are interesting only to network professionals. From: Scott E Fahlman
Damn Small Linux (52 Mbytes) and Tiny Core Linux (15 Mbytes) are even smaller, but of course they provide more modest capabilities. I've introduced only a few of the hundreds of available live operating systems and suggested only a few uses. If none of them suit your needs, check the Internet. Dick Maybach
VOLUME 33 ISSUE 11 Page 8 Newsletter of the Hartford User Group Exchange Nov., 2014
from pg. 7 Plugins for KeePass 2.x (http://bit.ly/PhVjkz) There is one important note regarding these steps. information. You have only a limited (but adjustable) time to paste the user name or password after you copy it. KeePass will Acknowledgements clear the Clipboard after some number of seconds for security reasons. That time is set in the Security tab of Thanks to Front Range PC Users Group member Bert the Tools/Options menu item: Broekstra for his help with learning this program. Thanks to Front Range PC Users Group member Herb Cantor for finding the “Yahoo Email is Breached . . .” article and for sending the link to me.
from pg. 2 Note that in the image above, that time is set to 12 seconds. passcodes . Extras Is your cell phone company using perma-cookies to track your web activity? Verizon creates a unique So far, these instructions cover just the basics. There are identifier (UIDH) for you that's posted to every web many extras, three of which are worth mentioning, site you visit, which could be used by advertisers and although not discussed here in detail (see the KeePass other companies to track your activity online. There's Help file). no way to turn it off. Find out if you’re being tracked - 1. Generate your own passwords: If you are not http://lessonslearned.org/sniff satisfied with the automatically generated passwords, you can create your own. Click on the icon under the 3 dots HP to announced a 3D printer expected to arrive in and you will see: 2016. The company said its technology will spur competition and speed up development. The Wi-Fi Alliance’s Passpoint standard now knits together San Francisco, San Jose, and London. The specification sets up Wi-Fi roaming between the city- owned networks. This lets residents and visitors set up a secure connection with either network and then automatically get on the other city’s system whenever they enter its coverage area. Stuart Rabinowitz Editor 2. Mobility: There is a “portable” version (http://keepass.info/download.html) that you can install on a flash drive that will allow you to use KeePass on any other computer (with some restrictions—see the KeePass Help file) “without creating any new registry keys and it doesn't create any configuration files in your Windows or application data directory of your user profile.”
3. Plugins: There are a large number of plugins available (http://keepass.info/plugins.html), including one called KeeForm that will "(open) websites and fill in the login data automatically, for Internet Explorer and Firefox." Before you install any plugin, be sure to read the
VOLUME 33 ISSUE 11 Page 9 Newsletter of the Hartford User Group Exchange Nov., 2014
Membership: Anyone may become a member. Dues are $12 per year and include a PULP Staff one-year subscription to The Pulp as well as access to the HUGE Public Domain disk Editor Stuart Rabinowitz libraries. Meeting topics, times and places can Distribution George Carbonell be found on page 1 of this issue.
Officers & SIG Leaders President: George Carbonell 860.568–0492 [email protected] Vice President Stuart Rabinowitz 860.633–9038 [email protected] Secretary: Ted Bade 860.643–0430 [email protected] Treasurer: Charles Gagliardi 860.233–6054 [email protected] Director at Large: Richard Sztaba [email protected] Web Manager: Bob Bonato [email protected]
Membership: Richard Sztaba [email protected] Integrated SIG: Stuart Rabinowitz 860.633–9038 [email protected] November 2014 Sunday Monday Tuesday Wednesday Thursday Friday Saturday 1
1983 IBM PCjr introduced 2 3 4 5 6 7 8
1984 Tandy 1000 introduced 9 10 11 12 13 14 15
16 17 18 19 20 21 22 General Meeting 2004 “World of 7 PM Warcraft” debuts 23 24 25 26 27 28 29
1972 Pong created 30 Computer Security Day -- Change Password VOLUME 33 ISSUE 11 Page 10